• Be a point of escalation for our 24x7x365 security monitoring for multiple clients while working closely with DevOps and product teams
• Work across a myriad of technology stacks in leading cloud providers like AWS, Azure, and GCP
• Analyze security events using logs and open-source knowledge to determine legitimate or false positive nature
• Maintain a record of security monitoring activities via case management and ticketing technologies
• Execute processes & best practices/procedures for intrusion detection, file integrity, endpoint protection, log management and SIEM solutions
• Review environment-specific rules, alerts, and dashboards in SIEM tooling via custom queries
• Support incident response process to address security anomalies in the environment
• Apply technical writing skills to create formal documentation such as analytical reports and briefings
• Maintain standard operating procedures and training materials
• Participate in on-call rotations as needed to support client operational needs that may lay outside of business hours
• Conduct System Health Checks on managed technologies and provide recommendations on performance improvements.
• Identify technical solutions to automate repeatable tasks
• Areas of responsibility will include analysis of threats to the environment, development of both proactive and reactive detection methods, conducting security investigations, responding to incidents, and deploying security solutions in a rapidly growing environme

• BS or above in related Information Technology field or equivalent combination of education and experience
• 2-4 years experience in 24x7x365 production security operations
• 2-4 years experience participating in incident response and analysis activities
• 1 years of hands on technical experience supporting cloud operations and automation in Azure, AWS, and/or GCP
• Experience in Information Security with a focus on incident response and security engineering
• Proven experience with threat identification using SIEM tools, log sources, and forensics tools and techniques
• Experience with ITSM solutions such as Jira and ServiceNow
• Understanding of regular expression and query languages
• Experience analyzing events or incidents to triage the issue
• Excellent communication, organizational, and problem-solving skills in a dynamic environment
• Effective documentation skills, to include technical diagrams and written descriptions
• Ability to work independently and as part of a team with professional attitude and demeanor
• US Citizen

• EC-Council Certified Security Analyst (ECSA) or Certified SOC Analyst (CSA), CompTIA Cybersecurity Analyst (CySA ), GIAC certifications
• Elastic Certification (Certified Engineer, Certified Analyst, Certified Observability Engineer)
• Splunk Certification (Core/Enterprise/Enterprise Security/Cloud Admin or Engineer)
• Previous experience supporting a 24x7x365 security operations for a SaaS vendor
• Experience contributing to security incident handling and investigation, and/or system scenario recreation
• Experience in malware analysis, threat intelligence, forensics, or penetration testing
• Familiarity with Kali Linux, Wireshark, Metasploit, IDA Pro, or open-source debuggers
• Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc.
• Experience with vulnerability management tools and data to ensure secure, patched system resources

PI237497045